Add a generic header application

Architecture

Header Architecture

Flow

User signs in to Okta.
Okta send user identity SAML to Access Gateway.
Access Gateway adds required application attributes to header and forwards request to back end application.
Application performs request and returns results to Access Gateway.
Access Gateway performs rewrites and returns request to user.

For more details on the header application reference architecture see Header reference architecture.

Before you begin

Ensure that:

You have administrator rights on your Okta tenant and can assign applications to users and create groups.
Appropriate DNS entries for both the header application and the external exposed new URL exist.
For example:
Value Description
https://ext-header.example.com Legacy application URL.
Referenced by the end user.
https://int-header.example.com Protected Web resource URL.
Referenced by Access Gateway.

Typical workflow

Task	Description
Create a containing group	Best practice, create an optional group to be assigned to the application.
Create header application	Create a header application which defaults to the shared common back end.
Assign certificate	[Optional] Continue the app creation process by assigning an optional certificate to the application.
Add additional attributes	[Optional] Add additional attributes to the application.
Add access policy	[Optional] Add access control policy.
Test the application	Test the application.
Troubleshoot	When required troubleshoot the integration.

Related topics

Add application behaviors. See Application behaviors.

Add fine grained policy to further protect resources. See Application policy and Manage access control application policy for an overview on user policy and for examples respectively.

Extend existing policy using custom configuration. See Advanced Access Gateway policy.

© 2025 Okta, Inc. All Rights Reserved. Various trademarks held by their respective owners.

Feedback